Jump to content
shinnok

http://hax.tor.hu/ challenges

Recommended Posts

La adresa http://hax.tor.hu/ se gaseste un wargame-hacking challenge destul de interesant care va v-a testa o multime de cunostinte (programare,php,xss,networking,criptologie,etc...).Cuprinde urmatoarele nivele


Level 1. Make a nasa.gov URL display a text of my choice
Level 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2
Level 3. Recognize
Level 4. IP address is 72.14.221.104. What contains 'art' that points to it?
Level 5. Password is the owl's name
Level 6. Let's see you do some easy SQL ninjitsu
Level 7. snifflog.txt - ngrep format
Level 8. Password is on a picture: not available from anywhere
Level 9. Elementary Maths
Level 10. A poem
Level 11. As simple as hashing a string
Level 12. Ultra Turing
Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
Level 14. Recognize #2
Level 15. download.com's uptime
Level 16. root:hsmfs;g@10.0.0.5
Level 17. Feed me!
Level 18. Find all usernames
Level 19. red+blue+green = ?
Level 20. Recognize #3
Level 21. Backdoor on a suspended domain
Level 22. MS-Word
Level 23. Too easy
Level 24. Defense Intelligence Agency
Level 25. BitNinja
Level 26. PHP filemanager with source - needs more exploit
Level 27. The photo doesn't load
Level 28. [url]telnet://hax.tor.hu:1800[/url] - Google Word Game
Level 29. Circumvent PHP filters for XSS
Level 30. Create the given image using a number
Level 31. Find all usernames v2.0
Level 32. Exploit file2image.php
Level 33. Defense Information Systems Agency - 199.57.1.130
Level 34. Password is in the image
Level 35. Follow the pattern
Level 36. Root password needed
Level 37. password = f(200)
Level 38. Name the malware
Level 39. China Science And Technology Network
Level 40. I can has satellite?
Level 41. Poem vs PHP
Level 42. Criminal Minds FBI haxor scene
Level 43. CNN's router
Level 44. Blind SQL injection
Level 45. Frogs n Toads
Level 46. Seizure!!!!!!!
Level 47. Backdoor is listening on host - find it
Level 48. .htaccess editor vs basic auth
Level 49. Forged DNS from the CIA
Level 50. No info

Astea dupa ce treceti de primele 5 ca sa va puteti inregistra.

Momentan eu sunt la level13 si mi s-a parut destul de interesant si inovator.Try it out!

  • Thanks 1
Link to comment
Share on other sites

Incearca sa pui in textboxul password diferse caractere : a ,b ,z,abc si vei vedea ca iti apare sub textbox forma encriptata deasemenea daca te joci putin vei vedea ca din cele doua numere pe caracter encriptat doar primul este important.Acum stii deajuns ca sa poti decripta 66 202 73 73 84 132 88 249.

GL :D

Link to comment
Share on other sites

Garantat nu faci ceva bine. Nu mai stiu exact command line-ul, dar fa un fisier, cauta cum arata un exemplu de passwd, root:parolacriptata::/bash... plm, you get the point. Si in loc de parolacriptata, pune parolele alea encriptate... in fiecare linie, fa un user diferit.. prima linie, in loc de root, de exemplu, scrie 1 (sa-ti fie mai usor sa le identifici dup-aia), a 2-a linie, alt user, pe nume 2, cu a 2-a parola encriptata, restul ramane la fel. Hope it helps ;)

Link to comment
Share on other sites

debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 deCfBQ0MS4MSA delCZeH4hHOq. deKaHJpaMFqSk deURVbdSEtxPo deImhlc0Y/L/k dehu92waVC.Pk deVX2jv60XD4Q detlQw1i3GbU2 der4QGDteh9qY

Dar e tare ciudat nivelu.Care ar veni user si care password?

Cum ar trebui sa le asez in fisierul .txt ?

Edit:L-am trecut:D

Link to comment
Share on other sites

debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 deCfBQ0MS4MSA delCZeH4hHOq. deKaHJpaMFqSk deURVbdSEtxPo deImhlc0Y/L/k dehu92waVC.Pk deVX2jv60XD4Q detlQw1i3GbU2 der4QGDteh9qY

Dar e tare ciudat nivelu.Care ar veni user si care password?

Cum ar trebui sa le asez in fisierul .txt ?

Edit:L-am trecut:D

all you do now is enter 7 words with spaces between them

Link to comment
Share on other sites

Garantat nu faci ceva bine. Nu mai stiu exact command line-ul, dar fa un fisier, cauta cum arata un exemplu de passwd, root:parolacriptata::/bash... plm, you get the point. Si in loc de parolacriptata, pune parolele alea encriptate... in fiecare linie, fa un user diferit.. prima linie, in loc de root, de exemplu, scrie 1 (sa-ti fie mai usor sa le identifici dup-aia), a 2-a linie, alt user, pe nume 2, cu a 2-a parola encriptata, restul ramane la fel. Hope it helps ;)

Multumesc pentru indicatii tuturor!

Link to comment
Share on other sites

Jack the Ripper
;) google it!

Mersi pentru raspuns. Cu JTR am incercat de cateva ori, de fiecare data imi zice "no hash passwords found".

Cred ca nu creez bine fiserul in care trebuie sa existe stringul de decriptat.

pt a sparge parolele e john the ripper nu jack..... pt devianc3 si brugner

Jack Daniels... John Daniels vs. Jack the ripper ... John the ripper. Esenta tot aia e...:)

Link to comment
Share on other sites

Care palaria mea aveti idee la 4

IP address is 72.14.221.104. Password is a domain (domain.tld format, no subdomains) that contains the word "art" and resolves to it. You don't have to buy a domain :)

Reverse IP Domain de pe RST nu merge.

GoogleEarth

Te astept la 7... sa imi zici daca treci :)

Link to comment
Share on other sites

AAaah... 7-le e ala super-complicat. Unde iti da un log in hex, si un link la codul sursa al unui exploit mysql?.. right?... Ala e greu.. stiu ca si mie Grunt (thank you) mi l-a explicat...

Ala e!!! problema e ca trebuie sa adaptezi si logul in hex si exploitul...

Mai incerc....

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...